[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Qemu-devel] [PULL v4 05/18] e1000: cleanup process_tx_desc
From: |
Michael S. Tsirkin |
Subject: |
[Qemu-devel] [PULL v4 05/18] e1000: cleanup process_tx_desc |
Date: |
Sun, 7 Jul 2013 23:19:48 +0300 |
From: Andrew Jones <address@hidden>
Coverity complains about two overruns in process_tx_desc(). The
complaints are false positives, but we might as well eliminate
them. The problem is that "hdr" is defined as an unsigned int,
but then used to offset an array of size 65536, and another of
size 256 bytes. hdr will actually never be greater than 255
though, as it's assigned only once and to the value of
tp->hdr_len, which is an uint8_t. This patch simply gets rid of
hdr, replacing it with tp->hdr_len, which makes it consistent
with all other tp member use in the function.
v2:
- also cleanup coding style issues in the touched lines
Signed-off-by: Andrew Jones <address@hidden>
Signed-off-by: Michael S. Tsirkin <address@hidden>
---
hw/net/e1000.c | 18 ++++++++++--------
1 file changed, 10 insertions(+), 8 deletions(-)
diff --git a/hw/net/e1000.c b/hw/net/e1000.c
index e6f46f0..620f947 100644
--- a/hw/net/e1000.c
+++ b/hw/net/e1000.c
@@ -556,7 +556,7 @@ process_tx_desc(E1000State *s, struct e1000_tx_desc *dp)
uint32_t txd_lower = le32_to_cpu(dp->lower.data);
uint32_t dtype = txd_lower & (E1000_TXD_CMD_DEXT | E1000_TXD_DTYP_D);
unsigned int split_size = txd_lower & 0xffff, bytes, sz, op;
- unsigned int msh = 0xfffff, hdr = 0;
+ unsigned int msh = 0xfffff;
uint64_t addr;
struct e1000_context_desc *xp = (struct e1000_context_desc *)dp;
struct e1000_tx *tp = &s->tx;
@@ -603,8 +603,7 @@ process_tx_desc(E1000State *s, struct e1000_tx_desc *dp)
addr = le64_to_cpu(dp->buffer_addr);
if (tp->tse && tp->cptse) {
- hdr = tp->hdr_len;
- msh = hdr + tp->mss;
+ msh = tp->hdr_len + tp->mss;
do {
bytes = split_size;
if (tp->size + bytes > msh)
@@ -612,14 +611,16 @@ process_tx_desc(E1000State *s, struct e1000_tx_desc *dp)
bytes = MIN(sizeof(tp->data) - tp->size, bytes);
pci_dma_read(&s->dev, addr, tp->data + tp->size, bytes);
- if ((sz = tp->size + bytes) >= hdr && tp->size < hdr)
- memmove(tp->header, tp->data, hdr);
+ sz = tp->size + bytes;
+ if (sz >= tp->hdr_len && tp->size < tp->hdr_len) {
+ memmove(tp->header, tp->data, tp->hdr_len);
+ }
tp->size = sz;
addr += bytes;
if (sz == msh) {
xmit_seg(s);
- memmove(tp->data, tp->header, hdr);
- tp->size = hdr;
+ memmove(tp->data, tp->header, tp->hdr_len);
+ tp->size = tp->hdr_len;
}
} while (split_size -= bytes);
} else if (!tp->tse && tp->cptse) {
@@ -633,8 +634,9 @@ process_tx_desc(E1000State *s, struct e1000_tx_desc *dp)
if (!(txd_lower & E1000_TXD_CMD_EOP))
return;
- if (!(tp->tse && tp->cptse && tp->size < hdr))
+ if (!(tp->tse && tp->cptse && tp->size < tp->hdr_len)) {
xmit_seg(s);
+ }
tp->tso_frames = 0;
tp->sum_needed = 0;
tp->vlan_needed = 0;
--
MST
- [Qemu-devel] [PULL v4 00/18] pci,misc enhancements, Michael S. Tsirkin, 2013/07/07
- [Qemu-devel] [PULL v4 01/18] range: add Range structure, Michael S. Tsirkin, 2013/07/07
- [Qemu-devel] [PULL v4 03/18] pc: pass PCI hole ranges to Guests, Michael S. Tsirkin, 2013/07/07
- [Qemu-devel] [PULL v4 04/18] pc_piix: cleanup init compat handling, Michael S. Tsirkin, 2013/07/07
- [Qemu-devel] [PULL v4 05/18] e1000: cleanup process_tx_desc,
Michael S. Tsirkin <=
- [Qemu-devel] [PULL v4 06/18] MAINTAINERS: s/Marcelo/Paolo/, Michael S. Tsirkin, 2013/07/07
- [Qemu-devel] [PULL v4 08/18] pvpanic: fix fwcfg for big endian hosts, Michael S. Tsirkin, 2013/07/07
- [Qemu-devel] [PULL v4 07/18] pvpanic: initialization cleanup, Michael S. Tsirkin, 2013/07/07
- [Qemu-devel] [PULL v4 10/18] pci: Move pci_read_devaddr to pci-hotplug-old.c, Michael S. Tsirkin, 2013/07/07
- [Qemu-devel] [PULL v4 09/18] pci: Cleanup configuration for pci-hotplug.c, Michael S. Tsirkin, 2013/07/07
- [Qemu-devel] [PULL v4 12/18] pci: Use helper to find device's root bus in pci_find_domain(), Michael S. Tsirkin, 2013/07/07
- [Qemu-devel] [PULL v4 13/18] pci: Replace pci_find_domain() with more general pci_root_bus_path(), Michael S. Tsirkin, 2013/07/07
- [Qemu-devel] [PULL v4 11/18] pci: Abolish pci_find_root_bus(), Michael S. Tsirkin, 2013/07/07
- [Qemu-devel] [PULL v4 14/18] pci: Add root bus argument to pci_get_bus_devfn(), Michael S. Tsirkin, 2013/07/07
- [Qemu-devel] [PULL v4 16/18] pci: Simpler implementation of primary PCI bus, Michael S. Tsirkin, 2013/07/07